Send Auth Token to server for validation
complete
Andrew Stover
When using SSR framework like NextJS, in order to render protected data server side, you must establish a JWT or session on initial login. Subsequent requests will then grab user from session and get protected data. Google Firebase Auth lets you get their Auth token, pass it to server, and validate server side, allowing you to create a session via third party Auth service.
Not sure how this would work with Stitch. Is it possible to render protected data on the server on initial load? If not, it would get rid of a lot of the benefits of SSR apps.
Example of NextJS + Firebase auth: https://github.com/zeit/next.js/blob/master/examples/with-firebase-authentication/server.js
Drew DiPalma
complete
Hi All – We recently released Custom Function Authentication in Stitch, which I believe addresses this use case. Please let me know or open an addition feature request if there are any outstanding issues.
https://docs.mongodb.com/stitch/authentication/custom-function/index.html
Drew DiPalma
Hi Folks – We have a project in-progress which will allow function-based authentication that I believe will solve this need. I will update this ticket when it is released.
Jonathan Gautier
Drew DiPalma:
If you know okta, if is possible we need something like this after client was authenticated in react app for example.
We can call function to get or create access token inside app and use it line 34-37.
And in server ( microservices ) we can verify the token access like this project line 42
Your project in progress will create token client side after authentication and we can verify in server when client call API ( microservices ) ? I know you already create access_token and you write in locale storage of browser. We just need function to check this access_token when we send to API or something else.
Jonathan Gautier
Mongo Any news about this we need this for microservices Thanks
Uncle Petros
Yes, we are also looking for a way to do it with stitch.
We are migrating a microservice web app from firebase to mongodb stitch, but haven't find a way to send our custom token to server microservices.
We could send the stitch session access token to the server, but we'd need an sdk method to verify it.
Besides, it would be great if auth token could contain initial custom JWT info (at least metadata fields).